Data
- Crunchyroll Breached via BPO Partner: 100GB Allegedly Stolen, Still No Disclosure
A threat actor claims to have exfiltrated 100GB of customer data from Crunchyroll after compromising a Telus BPO employee on March 12, 2026. Eleven days later, Crunchyroll has made no public disclosure -- raising serious questions about GDPR compliance and third-party vendor risk.
- Bill C-22: Canada Builds the Surveillance Infrastructure, Then Worries About Access Rules
Canada's Bill C-22 narrows warrantless access to subscriber data -- then mandates that ISPs and electronic service providers build permanent network surveillance infrastructure. The access rules improved. The infrastructure problem did not.
- The Invisible Processor: Conduent, 25 Million Americans, and the Structural Problem Nobody Fixed
The SafePay ransomware group spent nearly three months inside Conduent's systems before anyone noticed. The bigger problem isn't the attack -- it's that 25 million people had no idea their data was there in the first place.
- The Ad SDK You Shipped Is a Government Surveillance Vector
CBP has officially acknowledged it buys location data sourced from the real-time bidding ecosystem -- data that flows directly from ordinary apps through ad SDKs to government analysts. This is a product engineering post about what your app is actually participating in, and what to do about it.